Comments (10)
Hmm, I tried slightly different firewall configs, and they worked fine:
- community.hrobot.firewall:
hetzner_user: "{{ hetzner_user }}"
hetzner_password: "{{ hetzner_pass }}"
server_ip: "{{ server_ip }}"
# server_number: "{{ server_no }}"
port: main
state: present
filter_ipv6: false
allowlist_hos: true
rules:
input:
# - name: "Allow ICMP"
# ip_version: "ipv4"
# protocol: icmp
# action: "accept"
- name: "Allow all"
ip_version: "ipv4"
action: "accept"
output:
- name: "Allow all"
action: "accept"
I tried this both with server_number
and server_ip
(both worked fine), and with the ICMP rule commented in and out.
from community.hrobot.
Hey felix,
thank your very much for your help and time invested. Overseen the now required 'filter_ipv6'. As my receipes are a bit mature, this parameter was missing. Everything works fine.
from community.hrobot.
Let me reopen this, since this error shouldn't happen, the module should either complain (with details what's missing) or somehow use a default value. I'll try to look into this later this week.
from community.hrobot.
(And thanks for figuring out that this is related to filter_ipv6
, that saves me some time :) )
from community.hrobot.
Yes, I also thought about it afterwards. Somewhat more meaningful error messages would be nicer overall. 400 INVALID_INPUT is so terribly unspecific.
from community.hrobot.
I wish the API would return more useful error messages... (Or maybe we're not passing them on correctly? I'll hopefully also figure that out during debugging :) )
from community.hrobot.
Actually there were some more details. I've extended the code to show them: "msg": "Request failed: 400 INVALID_INPUT (invalid input). Invalid input parameters: ['rules']."
.
Trying this out some more, I found that the problem is with - name: Allow ICMP protocol, so you can ping your server
. With the comma, it fails (invalid). Without the comma, it works fine 😮 When trying to set that name in the UI, I get the message Ungültige Zeichen, erlaubt sind: A-Z a-z 0-9 - + _ . @
. That information is unfortunately not mentioned in the API docs...
from community.hrobot.
(Leaving away filter_ipv6
isn't a problem BTW, I tested that first.)
from community.hrobot.
Interesting, the text "Allow ICMP protocol, so you can ping your server" is from your doc. I used it after I just couldn't get mine to work. Maybe you should change it.
from community.hrobot.
Good point!
I've created #89 to improve error reporting and documenation of the firewall
module.
from community.hrobot.
Related Issues (8)
- ssh-key setting for rescue mode gives errors
- Important information for collection maintainers
- Ansible Contributor Summit. Tuesday, April 12, 2022.
- Failed to parse robot.yml "Invalid empty host name provided" HOT 4
- Handle storage boxes as full-fledged objects HOT 1
- New version of Robot Firewall introduced breaking changes HOT 7
- Only one authorized_keys is uploaded when booting to rescue HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from community.hrobot.